CVE-2025-38273
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: tipc: fix refcount warning in tipc_aead_encrypt

syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup.

The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. However, if the namespace is already being destroyed, its refcount might be zero, leading to the use-after-free warning.

Replace get_net() with maybe_get_net(), which safely checks if the refcount is non-zero before incrementing it. If the namespace is being destroyed, return -ENODEV early, after releasing the bearer reference.

[1]: https://lore.kernel.org/all/[email protected]/T/#m12019cf9ae77e1954f666914640efa36d52704a2
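
The difference between the two calls, shown as an added user-space C model (not kernel code and not taken from the patch). The model_* and ns_* names, the plain atomic counters, and the 0 return on success are assumptions made for illustration.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed user-space stand-ins; not kernel structures. */
struct model_ns     { atomic_int count; };  /* models the netns refcount */
struct model_bearer { atomic_int refs; };   /* models the bearer reference */

/* Unconditional take, like get_net(): bumps the count even from 0,
 * reviving an object whose teardown has already started. */
static bool ns_get_unchecked(struct model_ns *ns)
{
    int old = atomic_fetch_add(&ns->count, 1);
    return old != 0;        /* false = the refcount=0 case from the report */
}

/* Conditional take, like maybe_get_net(): increment only if non-zero. */
static struct model_ns *ns_maybe_get(struct model_ns *ns)
{
    int old = atomic_load(&ns->count);
    while (old != 0) {
        /* On failure 'old' is reloaded and the zero check repeats. */
        if (atomic_compare_exchange_weak(&ns->count, &old, old + 1))
            return ns;
    }
    return NULL;            /* namespace is being destroyed */
}

/* Shape of the fixed path: hold the bearer, try to pin the namespace,
 * and on failure release the bearer before returning -ENODEV. */
static int model_encrypt(struct model_ns *ns, struct model_bearer *b)
{
    atomic_fetch_add(&b->refs, 1);          /* bearer hold */
    if (!ns_maybe_get(ns)) {
        atomic_fetch_sub(&b->refs, 1);      /* bearer put on early exit */
        return -ENODEV;
    }
    return 0;   /* both pinned; the completion side drops them (assumed) */
}

/* Completion side of the model: drops what model_encrypt() pinned. */
static void model_encrypt_done(struct model_ns *ns, struct model_bearer *b)
{
    atomic_fetch_sub(&ns->count, 1);
    atomic_fetch_sub(&b->refs, 1);
}
```

In the model, the failed path leaves both counters exactly as it found them, which is the property the -ENODEV early return is meant to guarantee.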
Meta Information
Published: 2025-07-10
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-07-10
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 8 associated CPEs
Vendor    Product        Version / Range
linux     linux_kernel   6.15
linux     linux_kernel   From 6.14.9 (inc) to 6.15 (inc)
linux     linux_kernel   5.10.238
linux     linux_kernel   5.15.185
linux     linux_kernel   6.1.141
linux     linux_kernel   6.6.93
debian    debian_linux   11.0
linux     kernel         *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a refcount warning in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem. It occurs because the function get_net() is called on a network namespace that is in the process of being destroyed, which means its reference count is zero. This leads to a use-after-free warning when a TIPC discovery timer fires during network namespace cleanup. The fix replaces get_net() with maybe_get_net(), which safely checks the reference count before incrementing it, preventing the use-after-free condition.


How can this vulnerability impact me?

The vulnerability can lead to a use-after-free condition in the Linux kernel's networking code, which may cause kernel warnings or instability. While the description does not explicitly mention exploitation or direct security impact, use-after-free issues can potentially lead to crashes or undefined behavior in the kernel, possibly affecting system reliability or security.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by replacing the get_net() call with maybe_get_net(), which safely checks the network namespace reference count before incrementing it. To mitigate this vulnerability, update your Linux kernel to a version that includes this fix. The fix comes after commit e279024617134, which is the change that introduced the get_net() call.

